<?php

require_once('../inc/utils.php');

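/**
 * Request dispatcher for asset.php.
 *
 * Redirects to the summary view when no action is given, runs the login and
 * inventory-access checks, then calls the handler function named by the
 * "action" query parameter. Unknown actions fall back to summary().
 */
function main()
{
	global $g_tplvars;
	$g_tplvars['title'] = 'Assets';

	if(!isset($_GET['action']))
	{
		header('Location: asset.php?action=summary');
		exit;
	}

	//A query string like action[]=x produces an array. Anything that is not a
	//string is treated as an unknown action: it needs 'full' access and ends up
	//in summary(), exactly as before.
	$action = is_string($_GET['action']) ? $_GET['action'] : null;

	//Look up our access: viewing needs 'read', everything else needs 'full'
	restricted();
	if(in_array($action, array('', 'summary', 'detail'), true))
		checkinvaccess('read');
	else
		checkinvaccess('full');

	//legal actions
	//Each entry is called as a function name below, so every name listed here
	//must be a handler in this file that is meant to be reachable by request.
	$actions = array(
		'summary',
		'create',
		'docreate',
		'edit',
		'doedit',
		'detail',
		'confirm',
		'delete',
		'retire',
		);

	//Strict comparison: the request value must be exactly one of the literals
	//above before it is used as a callable.
	if(in_array($action, $actions, true))
		$action();
	else
		summary();
}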

/**
 * Renders the list of in-service assets (stopdate < 0) with a price total.
 *
 * Prices are stored in cents and shown in dollars. Each row is rendered with
 * the asset-summary-item template and the concatenated rows are placed into
 * the asset-summary page.
 */
function summary()
{
	global $g_tplvars;

	//TODO: pager
	$rows = dbquery('select * from `assets` where `stopdate` < 0 order by `desc`');

	$itemhtml = '';
	$sum = 0;
	while($asset = mysql_fetch_object($rows))
	{
		//Expose every column of the row to the item template.
		//NOTE(review): values are copied as stored; whether they are safe to emit
		//as HTML depends on the encoding applied at write time and on
		//templatize() - confirm in utils.php.
		foreach($asset as $column => $value)
		{
			$g_tplvars[$column] = $value;
		}

		$dollars = $asset->price / 100;
		$g_tplvars['price'] = str_replace(' ', '&nbsp;', sprintf('$%7.2f', $dollars));
		$g_tplvars['startdate'] = date('F d Y', $asset->startdate);
		$sum += $dollars;

		$itemhtml .= templatize('../templates/asset-summary-item.html');
	}

	$g_tplvars['totalprice'] = str_replace(' ', '&nbsp;', sprintf('$%7.2f', $sum));
	$g_tplvars['assets'] = $itemhtml;

	render('../templates/asset-summary.html');
}

/**
 * Renders the "create asset" form, including one rendered item per user
 * with uid > 0 for the owner selection.
 */
function create()
{
	global $g_tplvars;

	//Find all users
	$users = dbquery('select * from `users` where `uid` > 0');

	$options = '';
	while($user = mysql_fetch_object($users))
	{
		//NOTE(review): "select *" puts every users column into the template
		//variables, not only the ones the item template prints - confirm that no
		//sensitive column can reach the output.
		foreach($user as $column => $value)
		{
			$g_tplvars[$column] = $value;
		}
		$options .= templatize('../templates/asset-user-item.html');
	}

	$g_tplvars['userlist'] = $options;
	render('../templates/asset-create.html');
}

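/**
 * Handles the "create asset" form post: inserts a new in-service asset
 * (stopdate = -1) and redirects to the overview.
 *
 * Reads desc, tag, price, startdate and owner from $_POST. The price is
 * entered in dollars and stored in cents.
 *
 * NOTE(review): this changes data and no anti-CSRF token check is visible in
 * this file - confirm that restricted()/checkinvaccess() cover it.
 */
function docreate()
{
	//Prepare input
	//The two text fields reach the SQL string as quoted literals, so the query
	//is only as safe as sanitize_db() - presumably it escapes for a MySQL string
	//literal on the active connection; verify in utils.php.
	$desc = sanitize_db(sanitize_render($_POST['desc']));
	$tag = sanitize_db(sanitize_render($_POST['tag']));
	$price = sanitize_db(sanitize_render($_POST['price']));

	//round() before intval(): "19.99" * 100 is 1998.9999999999998 as a float, and
	//truncating that would store one cent too little.
	$price = intval(round(floatval($price) * 100));

	//strtotime() returns false for an unparseable date; intval() turns that into
	//0 so the value placed in the query is always an integer, never ''.
	$startdate = intval(strtotime($_POST['startdate']));
	$owner = intval($_POST['owner']);

	//Add to the database
	dbquery(
			'insert into assets(`desc`,`tag`,`price`,`startdate`,`stopdate`,`owner`) '.
			'values(\'' . $desc . '\', \'' . $tag . '\', \'' . $price . '\', \'' . $startdate
			. '\', -1, ' . $owner . ')'
		);

	//and go back to the overview
	header('Location: asset.php');
}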

/**
 * Renders the edit form for the asset given by the "id" query parameter.
 *
 * Shows the asset-not-found page and stops when no such asset exists.
 * Otherwise it fills the template variables with the asset's columns, builds
 * the owner list with the current owner rendered by the "selected" item
 * template, and formats price and dates for display.
 */
function edit()
{
	global $g_tplvars, $g_config;

	//Grab info about the asset, make sure it exists
	$assetid = intval($_GET['id']);
	$found = dbquery("select * from `assets` where `id` = '" . $assetid . "' limit 1");
	if(!mysql_num_rows($found))
	{
		render('../templates/asset-not-found.html');
		exit;
	}

	$asset = mysql_fetch_object($found);
	foreach($asset as $column => $value)
	{
		$g_tplvars[$column] = $value;
	}

	//Find all users
	//NOTE(review): each user row is copied over the same template variables, so
	//a users column that shares a name with an assets column replaces the asset
	//value set above - confirm the two tables have no overlapping column names.
	$options = '';
	$users = dbquery('select * from `users` where `uid` > 0');
	while($user = mysql_fetch_object($users))
	{
		foreach($user as $column => $value)
		{
			$g_tplvars[$column] = $value;
		}

		$itemtpl = ($asset->owner == $user->uid)
			? '../templates/asset-user-item-selected.html'
			: '../templates/asset-user-item.html';
		$options .= templatize($itemtpl);
	}

	//Display values: price in dollars, dates as text, 'In Service' for stopdate < 0
	$g_tplvars['userlist'] = $options;
	$g_tplvars['price'] = sprintf('$%.2f', $asset->price / 100);
	$g_tplvars['startdate'] = date('F d Y', $asset->startdate);
	$g_tplvars['stopdate'] = ($asset->stopdate < 0)
		? 'In Service'
		: date('F d Y', $asset->stopdate);

	render('../templates/asset-edit.html');
}

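/**
 * Handles the "edit asset" form post: updates the asset given by $_POST['id']
 * and redirects to the summary.
 *
 * Shows the asset-not-found page and stops when no such asset exists. Reads
 * desc, tag, price, startdate, stopdate and owner from $_POST. A stopdate of
 * 'In Service' is stored as -1.
 *
 * NOTE(review): this changes data and no anti-CSRF token check is visible in
 * this file - confirm that restricted()/checkinvaccess() cover it.
 */
function doedit()
{
	//Grab info about the asset, make sure it exists
	$id = intval($_POST['id']);
	$r = dbquery('select * from `assets` where `id` = \'' . $id . '\' limit 1');
	if(mysql_num_rows($r) == 0)
	{
		render('../templates/asset-not-found.html');
		exit;
	}
	$current = mysql_fetch_object($r);

	//Prepare input
	//The two text fields reach the SQL string as quoted literals, so the query
	//is only as safe as sanitize_db() - presumably it escapes for a MySQL string
	//literal on the active connection; verify in utils.php.
	$desc = sanitize_db(sanitize_render($_POST['desc']));
	$tag = sanitize_db(sanitize_render($_POST['tag']));
	$price = sanitize_db(sanitize_render(str_replace('$', '', $_POST['price'])));

	//round() before intval(): "19.99" * 100 is 1998.9999999999998 as a float, and
	//truncating that would store one cent too little.
	$price = intval(round(floatval($price) * 100));

	//An unparseable date keeps the stored value instead of writing '' to the column
	$startdate = strtotime($_POST['startdate']);
	if($startdate === false)
		$startdate = intval($current->startdate);

	//The else branch used to re-parse startdate and left $stopdate undefined, so
	//editing a retired asset wrote an empty stopdate.
	if($_POST['stopdate'] == 'In Service')
		$stopdate = -1;
	else
	{
		$stopdate = strtotime($_POST['stopdate']);
		if($stopdate === false)
			$stopdate = intval($current->stopdate);
	}
	$owner = intval($_POST['owner']);

	//Update it
	dbquery(
		'update `assets` set `desc` = \'' . $desc . '\', `tag` = \'' . $tag . '\', ' .
		'`startdate` = \'' . $startdate . '\', `stopdate` = \'' . $stopdate . '\', price = \'' . $price . '\', ' .
		'`owner` = \'' . $owner . '\' where `id` = \''. $id .'\'');

	//and go back to the main page
	header('Location: asset.php?action=summary');
}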

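/**
 * Renders the detail page for the asset given by the "id" query parameter.
 *
 * Shows the asset-not-found page and stops when no such asset exists.
 * Otherwise it fills the template variables with the asset's columns, the
 * formatted price and start date, a status line (in service or retired) and
 * an ownership line (company property when owner < 0, else the lending user).
 */
function detail()
{
	global $g_tplvars;
	global $g_config;

	//Grab info about the asset, make sure it exists
	$id = intval($_GET['id']);
	$r = dbquery('select * from `assets` where `id` = \'' . $id . '\' limit 1');
	if(mysql_num_rows($r) == 0)
	{
		render('../templates/asset-not-found.html');
		exit;
	}

	//and render
	$a = mysql_fetch_object($r);
	foreach($a as $n=>$v)
		$g_tplvars[$n] = $v;
	$g_tplvars['price'] = sprintf('$%.2f', $a->price / 100);
	$g_tplvars['startdate'] =  date('F d Y', $a->startdate);
	if($a->stopdate < 0)
		$g_tplvars['status'] = 'In Service';
	else
		$g_tplvars['status'] = 'Retired on ' . date('F d Y', $a->stopdate);
	if($a->owner < 0)
		$g_tplvars['ownership'] = $g_config['company'] . ' property';
	else
	{
		//The owner id comes from the database, but it is concatenated into SQL,
		//so force it to an integer rather than trusting the stored value.
		$x = dbquery('select * from `users` where `uid` = \'' . intval($a->owner) . '\' limit 1');
		$u = mysql_fetch_object($x);

		//The owning user may no longer exist; mysql_fetch_object() then returns
		//false and reading ->name from it would fail.
		//NOTE(review): the user name is emitted as stored - confirm it is
		//HTML-encoded when written or by the template layer.
		$ownername = $u ? $u->name : 'unknown user';
		$g_tplvars['ownership'] = 'Loaned to ' . $g_config['company'] . ' by ' . $ownername;
	}
	render('../templates/asset-detail.html');
}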

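/**
 * Renders the confirmation page shown before an asset is deleted or retired.
 *
 * The "confirm" query parameter names the pending operation and "id" names
 * the asset. Requests for any other operation are redirected to the summary.
 * Shows the asset-not-found page and stops when no such asset exists.
 */
function confirm()
{
	global $g_tplvars;

	//Only the two operations that have a warning text may be confirmed. The
	//value is handed to the template as 'op', so an arbitrary request value must
	//not get that far. After this check $op is one of two fixed literals and
	//needs no further encoding.
	$op = isset($_GET['confirm']) ? $_GET['confirm'] : '';
	if(!in_array($op, array('delete', 'retire'), true))
	{
		header('Location: asset.php?action=summary');
		exit;
	}

	//Grab info about the asset, make sure it exists
	$id = intval($_GET['id']);
	$r = dbquery('select * from `assets` where `id` = \'' . $id . '\' limit 1');
	if(mysql_num_rows($r) == 0)
	{
		render('../templates/asset-not-found.html');
		exit;
	}

	//Get warning messages
	$g_tplvars['op'] = $op;
	$g_tplvars['id'] = $id;
	$g_tplvars['desc'] = mysql_fetch_object($r)->desc;
	if($op == 'delete')
		$g_tplvars['warning'] = 'It will be completely removed, including accounting records. This operation cannot be undone.';
	else
		$g_tplvars['warning'] = 'It will no longer show up in inventory reports. Accounting records will still be available.';
	render('../templates/asset-confirm.html');
}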

/**
 * Deletes the asset given by the "id" query parameter and redirects to the
 * summary. Shows the asset-not-found page and stops when no such asset exists.
 *
 * NOTE(review): this is a destructive change made on a GET request, and no
 * anti-CSRF token check is visible in this file. The confirm page is a
 * separate action and is not enforced here - confirm that
 * restricted()/checkinvaccess() cover this, or move the operation to a
 * token-protected POST.
 */
function delete()
{
	//Make sure it exists
	$assetid = intval($_GET['id']);
	$found = dbquery("select * from `assets` where `id` = '" . $assetid . "' limit 1");
	if(!mysql_num_rows($found))
	{
		render('../templates/asset-not-found.html');
		exit;
	}

	//Delete it
	dbquery("delete from `assets` where `id` = '" . $assetid . "' limit 1");

	//and go back to the main page
	header('Location: asset.php?action=summary');
}

/**
 * Retires the asset given by the "id" query parameter by setting its stopdate
 * to the current time, then redirects to the summary. Shows the
 * asset-not-found page and stops when no such asset exists.
 *
 * NOTE(review): this changes data on a GET request, and no anti-CSRF token
 * check is visible in this file. The confirm page is a separate action and is
 * not enforced here - confirm that restricted()/checkinvaccess() cover this,
 * or move the operation to a token-protected POST.
 */
function retire()
{
	//Make sure it exists
	$assetid = intval($_GET['id']);
	$found = dbquery("select * from `assets` where `id` = '" . $assetid . "' limit 1");
	if(!mysql_num_rows($found))
	{
		render('../templates/asset-not-found.html');
		exit;
	}

	//Retire it: a stopdate that is not negative marks the asset as out of service
	dbquery("update `assets` set `stopdate` = '" . time() . "' where `id` = '" . $assetid . "' limit 1");

	//and go back to the main page
	header('Location: asset.php?action=summary');
}

?>
